From: Holger Dengler <dengler@linux.ibm.com>
To: Harald Freudenberger <freude@linux.ibm.com>,
Ingo Franzki <ifranzki@linux.ibm.com>
Cc: dengler@linux.ibm.com, linux-s390@vger.kernel.org,
Heiko Carstens <hca@linux.ibm.com>,
Vasily Gorbik <gor@linux.ibm.com>,
Alexander Gordeev <agordeev@linux.ibm.com>
Subject: [PATCH v2 1/1] pkey: Fix for PKEY_VERIFYPROTK iotl
Date: Tue, 23 Jun 2026 12:20:16 +0200 [thread overview]
Message-ID: <20260623102016.3930343-2-dengler@linux.ibm.com> (raw)
In-Reply-To: <20260623102016.3930343-1-dengler@linux.ibm.com>
Remove the keytype calculation based on key length. The verification,
including the keytype check, is the responsibility of the pkey
handler.
The removal also fixes a bug in the key-length calculation, which is
now no longer required.
Cc: stable@kernel.org # 6.12+
Fixes: 8fcc231ce3be ("s390/pkey: Introduce pkey base with handler registry and handler modules")
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
---
drivers/s390/crypto/pkey_api.c | 11 +----------
1 file changed, 1 insertion(+), 10 deletions(-)
diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c
index 28e1007005f2..5d8f63f390a8 100644
--- a/drivers/s390/crypto/pkey_api.c
+++ b/drivers/s390/crypto/pkey_api.c
@@ -327,7 +327,6 @@ static int pkey_ioctl_verifyprotk(struct pkey_verifyprotk __user *uvp)
{
struct pkey_verifyprotk kvp;
struct protaeskeytoken *t;
- u32 keytype;
u8 *tmpbuf;
int rc;
@@ -341,14 +340,6 @@ static int pkey_ioctl_verifyprotk(struct pkey_verifyprotk __user *uvp)
return -EINVAL;
}
- keytype = pkey_aes_bitsize_to_keytype(8 * kvp.protkey.len);
- if (!keytype) {
- PKEY_DBF_ERR("%s unknown/unsupported protkey length %u\n",
- __func__, kvp.protkey.len);
- memzero_explicit(&kvp, sizeof(kvp));
- return -EINVAL;
- }
-
/* build a 'protected key token' from the raw protected key */
tmpbuf = kzalloc(sizeof(*t), GFP_KERNEL);
if (!tmpbuf) {
@@ -358,7 +349,7 @@ static int pkey_ioctl_verifyprotk(struct pkey_verifyprotk __user *uvp)
t = (struct protaeskeytoken *)tmpbuf;
t->type = TOKTYPE_NON_CCA;
t->version = TOKVER_PROTECTED_KEY;
- t->keytype = keytype;
+ t->keytype = kvp.protkey.type;
t->len = kvp.protkey.len;
memcpy(t->protkey, kvp.protkey.protkey, kvp.protkey.len);
--
2.54.0
next prev parent reply other threads:[~2026-06-23 10:20 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-23 10:20 [PATCH v2 0/1] pkey: Fix for PKEY_VERIFYPROTK ioctl Holger Dengler
2026-06-23 10:20 ` Holger Dengler [this message]
2026-06-23 11:13 ` [PATCH v2 1/1] pkey: Fix for PKEY_VERIFYPROTK iotl Alexander Gordeev
2026-06-23 13:25 ` Holger Dengler
2026-06-23 13:55 ` Alexander Gordeev
2026-06-23 13:28 ` Ingo Franzki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260623102016.3930343-2-dengler@linux.ibm.com \
--to=dengler@linux.ibm.com \
--cc=agordeev@linux.ibm.com \
--cc=freude@linux.ibm.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=ifranzki@linux.ibm.com \
--cc=linux-s390@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.